Trying to break into CyberSec, yet no one wants to hire entry level

Danielm7

Shane2 wrote: »

I have hands on experience in cybersecurity. Any decent System Administrator will work in a few of the 8 domains.

Very true, I went from systems to security, tons of transferable skills.

Scan For Security

The main problem is that everybody think if they have certification that's it Actually no, first of all you need to have some kind of experience and no just "working in the domain of ... bla bla" but real hands on experience. Coding, Win/Linux administration, networking and of course hacking (at least mobile / web applications on start).

The best thing here will be not only run blog, but for example participate in bug bounty projects (hackerone, OpenBugBounty), code some stuff and share it via GitHub, take part with such platforms like cybrary, do tests, write stuff.

Shane2

johndoee wrote: »

The point was everyone has a (minimal) secret clearance that's in IT in DC. . You need to bring something else to the table besides for that...actually a lot of people have higher clearances. That goes to the point of stepping your cc's up. Although easier said than done. But good luck anyway

I know you were not bragging about a secret clearance. I know that

Minimal clearance is Public Trust. I have been working on skills and certifications to “bring something else to the table”. Nowhere in my post does it say I am relying on my clearance.

In fact, I am asking for suggestions on making myself more marketable. Your suggestion is “make yourself more marketable”. You are the exact type of person that gives IT folks a bad name. Unwilling to help, and only negative and condescending.

Shane2

Scan For Security wrote: »

The main problem is that everybody think if they have certification that's it Actually no, first of all you need to have some kind of experience and no just "working in the domain of ... bla bla" but real hands on experience. Coding, Win/Linux administration, networking and of course hacking (at least mobile / web applications on start).

The best thing here will be not only run blog, but for example participate in bug bounty projects (hackerone, OpenBugBounty), code some stuff and share it via GitHub, take part with such platforms like cybrary, do tests, write stuff.

I don’t think having a cert is everything. The only reason I am getting the cert is to get past the filters.

jeremywatts2005

Dude here is a suggestion. Why not focus toward the Incident Response/Monitoring side of Security. Many of your skills fit in that arena. You are in DC and SOC guys are desperately needed. Look for SOC jobs and tailor your resume that way. Your helpdesk experience should help you in a role for monitoring in a SOC at the very least.

mmcabe

@Shane2, I think your time is better spent getting very specific hands-on experience. I don't know what your office is like, but can you ask the firewall admins if they need help? If they won't let you touch the firewalls, ask if they need help with documentation. Get involved with backup restores and disaster recovery planning and implementation, user rights and permissions reviews, inventory updates, etc. No one has time to implement all of that the way they should. Worm your way into that department; I guarantee they are overworked and need assistance, but they need to trust you know what you're doing. That may take awhile.

If you're locked into your role at work, go build that linux network I mentioned earlier. You can build and configure any security tool imaginable for free once you get that set up. Subscribe to CERT alerts and check in with the Qualys site regularly so you can stay on top of real-world events. Check a few servers with SSLLabs and you will learn more about certificates than any book will teach you.

A couple years from now, both you and the paper CISSP will be in front of the hiring manager, and you know who he'll pick in the end.

Shane2

jeremywatts2005 wrote: »

Dude here is a suggestion. Why not focus toward the Incident Response/Monitoring side of Security. Many of your skills fit in that arena. You are in DC and SOC guys are desperately needed. Look for SOC jobs and tailor your resume that way. Your helpdesk experience should help you in a role for monitoring in a SOC at the very least.

Just got a contact about an incident response position this morning. I still need to revamp my resume, but I’m hoping I get a call back.

Shane2

mmcabe wrote: »

@Shane2, I think your time is better spent getting very specific hands-on experience. I don't know what your office is like, but can you ask the firewall admins if they need help? If they won't let you touch the firewalls, ask if they need help with documentation. Get involved with backup restores and disaster recovery planning and implementation, user rights and permissions reviews, inventory updates, etc. No one has time to implement all of that the way they should. Worm your way into that department; I guarantee they are overworked and need assistance, but they need to trust you know what you're doing. That may take awhile.

If you're locked into your role at work, go build that linux network I mentioned earlier. You can build and configure any security tool imaginable for free once you get that set up. Subscribe to CERT alerts and check in with the Qualys site regularly so you can stay on top of real-world events. Check a few servers with SSLLabs and you will learn more about certificates than any book will teach you.

A couple years from now, both you and the paper CISSP will be in front of the hiring manager, and you know who he'll pick in the end.

This is probably what I will do. I have VM workstation, and I use that as a pentesting lab, I’m a beginner, but I’m willing to “Try Harder”. My plan is to set up another vm lab and blog my experience. I’m going to start writing my first blog this weekend, which will be a review of the CCNA Cyber Ops.

triplea

Its kinds the same position in the UK

Plenty of companies want someone but 99% of them all want someone who has experience. Some of these have been up for MONTHS.

I started looking at the beginning of the year ( they did actually want someone with 2nd/3rd line and an interest in security ) and got down to the last 2. If I would have got the job then the title change would really of been all I needed forever I feel )

Ive been a SA for 17 years now over a couple of companies and also hold the SEC+ and SSCP, have included on CV as much to do with security as poss, but apparently not enough as the job title doesn't say SECURITY.

No one wants to give the people trying to get in a chance to build. Employers are as much to blame!

NavyMooseCCNA

triplea wrote: »

Its kinds the same position in the UK

Plenty of companies want someone but 99% of them all want someone who has experience. Some of these have been up for MONTHS.

I started looking at the beginning of the year ( they did actually want someone with 2nd/3rd line and an interest in security ) and got down to the last 2. If I would have got the job then the title change would really of been all I needed forever I feel )

Ive been a SA for 17 years now over a couple of companies and also hold the SEC+ and SSCP, have included on CV as much to do with security as poss, but apparently not enough as the job title doesn't say SECURITY.

No one wants to give the people trying to get in a chance to build. Employers are as much to blame!

Completely agree.

Shane2

triplea wrote: »

Its kinds the same position in the UK

Plenty of companies want someone but 99% of them all want someone who has experience. Some of these have been up for MONTHS.

I started looking at the beginning of the year ( they did actually want someone with 2nd/3rd line and an interest in security ) and got down to the last 2. If I would have got the job then the title change would really of been all I needed forever I feel )

Ive been a SA for 17 years now over a couple of companies and also hold the SEC+ and SSCP, have included on CV as much to do with security as poss, but apparently not enough as the job title doesn't say SECURITY.

No one wants to give the people trying to get in a chance to build. Employers are as much to blame!

Sad to hear it is the same across the pond. Here you hear about a extreme lack of candidates, yet there is a real unwillingness to hire and train even experienced IT professionals.

If there is a lack of professionals, and you refuse to hire anyone without direct experience, that gap will never close.

It makes no sense.

Good luck on the hunt, bud!

TeKniques

I think that some people get too caught up on outlining their technical skills on the resume rather than accomplishments. If you want to separate yourself from the competition, experience or not, you need to show the employer what you bring to the table that the rest do not. Simply outlining that you know x, y, z and have this-and-that certification are not enough imo. If you're applying for a security position, outline what you've accomplished in security for your current or past employers - you set up a firewall? Great, every other applicant can do the same thing ...

You also need to sell yourself in an interview once you get it ... so don't overlook the soft skills!

Syntax

Shane2 wrote: »

Sad to hear it is the same across the pond. Here you hear about a extreme lack of candidates, yet there is a real unwillingness to hire and train even experienced IT professionals.

If there is a lack of professionals, and you refuse to hire anyone without direct experience, that gap will never close.

It makes no sense.

Good luck on the hunt, bud!

I've been trying to sell myself by describing the CCNA Cyber Ops certification... I really wish that Cisco would re-brand that certification as something other than CCNA. When people hear CCNA they think just networking and working with Cisco gear when the exam has almost nothing to do with that. I argue that the training provided is most relevant to actual security analyst positions out there.

Syntax

TeKniques wrote: »

I think that some people get too caught up on outlining their technical skills on the resume rather than accomplishments. If you want to separate yourself from the competition, experience or not, you need to show the employer what you bring to the table that the rest do not. Simply outlining that you know x, y, z and have this-and-that certification are not enough imo. If you're applying for a security position, outline what you've accomplished in security for your current or past employers - you set up a firewall? Great, every other applicant can do the same thing ...

You also need to sell yourself in an interview once you get it ... so don't overlook the soft skills!

It depends... I think some places seem to only care about what you know and if you can work with their technologies. It depends on the role that you're going for. If the roles are highly technical, they mostly care that you have experience with 'X'. The soft skills and such are nice to have but when they're screening candidates they're looking for the technical stuff more than anything. If the position is less technical and more on the policy side of things the soft skills matter more since they expect you to interact with people, senior management, etc.

josephandre

Shane2 wrote: »

Minimal clearance is Public Trust. I have been working on skills and certifications to “bring something else to the table”. Nowhere in my post does it say I am relying on my clearance.

In fact, I am asking for suggestions on making myself more marketable. Your suggestion is “make yourself more marketable”. You are the exact type of person that gives IT folks a bad name. Unwilling to help, and only negative and condescending.

Guys a clown. Ignore him.

You’ll find something you just need to be aggressive in your search

518

anyone here with TS and CISSP and wants to start a career in cybersec, we have a position available overseas. the first $102k salary is tax free...message me.

infosecs

I can confirmn what OP mentioned. It is very difficult to get a job unless one has worked on exactly the same tools and technologies that the employers are asking for. No one wants to see how much potential you have, how much you are willing to learn or how much you know. They are only looking for knowledge and hands on experience in specific segments of infosec. Preference is given to already trained employees of competitors so there goes the shortage of cyber security skills shortage BS.

anthonx

I've been hearing a lot about there are no entry level jobs for cyber security and I came across this job posting. It seems like some companies are hiring entry level after all. The job looks like its really entry level, like 50% of your time spent training...

[FONT=&quot]Entry-level Cyber Security Analysts (recent graduates)[/FONT]
[FONT=&quot]Bank of Canada40 reviews - Ottawa, ON[/FONT]

TechGromit

Shane2 wrote: »

... and hold a Secret Clearance. I'm having a hard time finding a new position...

Wow this is a surprise to me, I thought anyone with a secret or higher security clearance and a pulse was pretty much ensured a job somewhere.

infosecs

anthonx wrote: »

I've been hearing a lot about there are no entry level jobs for cyber security and I came across this job posting. It seems like some companies are hiring entry level after all. The job looks like its really entry level, like 50% of your time spent training...

[FONT=&amp]Entry-level Cyber Security Analysts (recent graduates)[/FONT]
[FONT=&amp]Bank of Canada40 reviews - Ottawa, ON[/FONT]

You are making the classic mistake, the one that took me almost two months to figure out the hard way.
Check # 4 in first post of my thread - http://www.techexams.net/forums/jobs-degrees/133184-my-cyber-security-job-search-experience-so-far-wish-i-had-known-earlier.html
and the last post.
What we see is the truth, NOT the whole truth. Fresh graduates are being hired by banks, canadian tire, ibm, fire eye and others. Those with 7+ years of specific experience with specific tools are in great demand.
What we are not being told is
a. The ones with some experience need not waste their time
b. Those trying to break in from other Fields like Networking, IT Admin need not apply.
c. Those that are willing to learn cybersecurity need not apply.

anthonx

infosecs wrote: »

You are making the classic mistake, the one that took me almost two months to figure out the hard way.
Check # 4 in first post of my thread - http://www.techexams.net/forums/jobs-degrees/133184-my-cyber-security-job-search-experience-so-far-wish-i-had-known-earlier.html
and the last post.
What we see is the truth, NOT the whole truth. Fresh graduates are being hired by banks, canadian tire, ibm, fire eye and others. Those with 7+ years of specific experience with specific tools are in great demand.
What we are not being told is
a. The ones with some experience need not waste their time
b. Those trying to break in from other Fields like Networking, IT Admin need not apply.
c. Those that are willing to learn cybersecurity need not apply.

What a coincidence... You are the last one to post on this thread and also from Toronto... I don't want to create a new thread so I just continued in this old post. So any luck with your cyber security job search?

infosecs

anthonx wrote: »

So any luck with your cyber security job search?

Not yet, quite a few interviews but nothing has materialized.
I will now focus on smaller organizations and ignore Banks completely. Waste of time.
Saw lots more jobs geared towards Fresh graduates. I am pretty sure that "International students" are the new "outsourcing" boom in GTA. The huge influx of students has suddenly become very attractive option for employers to exploit who are grabbing them for peanuts. People with 1 to 4 years experience are being left on the side.

aderon

jt2929 wrote: »

How do you have CISSP with no security experience? Same with the OP, why go after a cert that requires 5 (or4) years of relevant experience if you don't have it?

The CISSP experience requirements are extremely easy to hit and almost any job in IT would likely qualify you if you have at least 5 years. Some of the domains ask for things like "Understanding and use of CIA triad" or something to that effect. I don't think I've ever had an IT job that hasn't touched that in some respect.

cowill

Sounds like you are having resume/soft skill related issues or not applying for the right jobs.

A clearance, 3 years as a sys ad is more than enough to break through in CS. Especially in the Dc area. I know people with NO IT exp that jump into CS with less.

anthonx

cowill wrote: »

Sounds like you are having resume/soft skill related issues or not applying for the right jobs.

A clearance, 3 years as a sys ad is more than enough to break through in CS. Especially in the Dc area. I know people with NO IT exp that jump into CS with less.

TS is from Toronto, Canada. The US government doesn't give clearances for non-US citizens. Maybe, someone in here can share if there are any exceptions.

cowill

anthonx wrote: »

TS is from Toronto, Canada. The US government doesn't give clearances for non-US citizens. Maybe, someone in here can share if there are any exceptions.

Im not sure we are reading the same thread. Please review.

cowill

Danielm7 wrote: »

You have clearance, some experience and are in DC, maybe it's your resume?

I was thinking the same.....

anthonx

cowill wrote: »

Im not sure we are reading the same thread. Please review.

Yeah, I got things mixed up. Apologies.

Kapital

anthonx wrote: »

Yeah, I got things mixed up. Apologies.

have you tried for the soul killing, graveyard shift SOC Level 1 jobs at the MSP? No one wants these jobs anyways but can get your foot in the door.

Z0sickx

i've done ACAS on both sides of the house...feel free to ask for pointers in a PM